WIXLIB

xiiFOREWORDcontribution was porting the Docker command-line interface to Windows. This project helped many Windows developers become familiar with Docker and laid the foundation for Microsoft’s long journey of contributing to the Docker project. TheWindows porting project also skyrocketed me to the top Docker contributor spot formore than two months. Later on, we contributed many other bits and pieces to makesure Docker became a first-class citizen on Microsoft’s Azure cloud offering. Our nextbig step is Windows Containers, a new feature in Windows Server 2016, which is fullyintegrated with Docker.It is exciting to know that we’re still at the start of the containers revolution. Thescene moves incredibly fast, as new technologies and open source tools emerge daily.Everything we take for granted today can and will change in the next few months. Thisis an area where innovators and the greatest minds of our industry are collaboratingto build tools of mass innovation and make the problem of shipping and running software at scale one less thing to worry about for the rest of the software industry.Through his many online articles about Docker and microservices, Jeff Nickoloffhas shown himself to be the champion of the nascent Docker community. His wellwritten, thorough explanations of some very technical topics have allowed developersto quickly learn and use the Docker ecosystem for all its benefits, and, equally important, he notes its drawbacks. In this book, he goes from zero to Docker, shows practices of deploying Docker in production, and demonstrates many features of Dockerwith comprehensive descriptions and comparisons of various ways of achieving thesame task.While reading this book, not only will you learn how to use Docker effectively,you’ll also grasp how it works, how each detailed feature of Docker is meant to beused, and the best practices concocted for using Docker in production. I personallyhad many “Oh, that’s what this feature is for” moments while reading this book.Although writing a book about a technology that moves at an incredible pace is verymuch like trying to paint a picture of a car moving at 60 mph, Jeff has done a fantasticjob at both covering cutting-edge features in Docker and laying a solid foundationthroughout the book. This foundation builds an appreciation and understanding forthe philosophy of containers and microservices that is unlikely to change, no matterwhat Docker looks like in the coming months and years.I hope you find this book as enjoyable and educational as I did.AHMET ALP BALKANOPEN SOURCE SOFTWARE ENGINEER AT MICROSOFT,DOCKER CONTRIBUTORLicensed to Stephanie Bernal nordicka.n@gmail.com

prefaceIn 2011, I started working at Amazon.com. In that first week my life was changed as Ilearned how to use their internal build, dependency modeling, and deployment tooling. This was the kind of automated management I had always known was possible buthad never seen. I was coming from a team that would deploy quarterly and take 10hours to do so. At Amazon I was watching rolling deployments push changes I hadmade earlier that day to hundreds of machines spread all over the globe. If big techfirms had an engineering advantage over the rest of the corporate landscape, this was it.Early in 2013, I wanted to work with Graphite (a metrics collection and graphingsuite). One day I sat down to install the software and start integrating a personal project. At this point I had several years of experience working with open source applications, but few were as dependent on such large swaths of the Python ecosystem. Theinstallation instructions were long and murky. Over the next several hours, I discovered many undocumented installation steps. These were things that might have beenmore obvious to a person with deeper Python ecosystem knowledge. After pouringover several installation guides, reading through configuration files, and fighting anepic battle through the deepest parts of dependency hell, I threw in the towel.Those had been some of the least inspiring hours of my life. I wanted nothing todo with the project. To make matters worse, I had altered my environment in a waythat was incompatible with other software that I use regularly. Reverting those changestook an embarrassingly long time.I distinctly remember sitting at my desk one day in May that year. I was betweentasks when I decided to check Hacker News for new ways to grow my skillset. Articlesabout a technology called Docker had made the front page a few times that week.That evening I decided to check it out. I hit the site and had the software installedwithin a few minutes. I was running Ubuntu on my desktop at home, and Docker onlyhad two dependencies: LXC and the Linux kernel itself.xiiiLicensed to Stephanie Bernal nordicka.n@gmail.com

xivPREFACELike everyone else, I kicked the tires with a “Hello, World” example, but learnedlittle. Next I fired up Memcached. It was downloaded and running in under a minute.Then I started WordPress, which came bundled with its own MySQL server. I pulled acouple different Java images, and then Python images. Then my mind flashed back tothat terrible day with Graphite. I popped over to the Docker Index (this was beforeDocker Hub) and did a quick search.The results came back, and there it was. Some random user had created a Graphiteimage. I pulled it down and created a new container. It was running. A simple but fullyconfigured Graphite server was running on my machine. I had accomplished in lessthan a minute of download time what I had failed to do with several hours a fewmonths earlier. Docker was able to demonstrate value with the simplest of examplesand minimum effort. I was sold.Over the next week, I tried the patience of a close friend by struggling to direct ourconversations toward Docker and containers. I explained how package managementwas nice, but enforcing file system isolation as a default solved several managementproblems. I rattled on about resource efficiency and provisioning latency. I repeatedthis conversation with several other colleagues and fumbled through the containerstory. Everyone had the same set of tired questions, “Oh, it’s like virtualization?”and “Why do I need this if I have virtual machines?” The more questions peopleasked, the more I wanted to know. Based on the popularity of the project, this is astory shared by many.I began including sessions about Docker when I spoke publicly. In 2013 and 2014,only a few people had heard of Docker, and even fewer had actually tried the software.For the most part, the crowds consisted of a few skeptical system administrator typesand a substantial number of excited developers. People reacted in a multitude ofways. Some were pure rejectionists who clearly preferred the status quo. Others couldsee problems that they experienced daily solved in a matter of moments. Those people reacted with an excitement similar to mine.In the summer of 2014, an associate publisher with Manning called me to talkabout Docker. After a bit more than an hour on the phone he asked me if there wasenough content there for a book. I suggested that there was enough for a few books.He asked me if I was interested in writing it, and I became more excited than I hadbeen for some time. That fall I left Amazon.com and started work on Docker in Action.Today, I'm sitting in front of the finished manuscript. My goal in writing this bookwas to create something that would help people of mixed backgrounds get up tospeed on Docker as quickly as possible, but in such a way that they understand theunderlying mechanisms. The hope is that with that knowledge, readers can understand how Docker has been applied to certain problems, and how they might apply itin their own use-cases.Licensed to Stephanie Bernal nordicka.n@gmail.com

acknowledgmentsI believe that I’ve spent enough of my life doing easy things. Before I began this book,I knew that writing it would require a high degree of discipline and an unendingstream of motivation. I was not disappointed.First I’d like to acknowledge Manning Publications for the opportunity to publishthis work. I’d like to thank Ahmet Alp Baken for writing a foreword to the book, aswell as Niek Palm for giving the whole manuscript a technical proofread. Many othersreviewed the manuscript and offered comments at various stages of development,including Robert Wenner, Jean-Pol Landrain, John Guthrie, Benoît Benedetti,Thomas Peklak, Jeremy Gailor, Fernando Fraga Rodrigues, Gregor Zurowski, PeterSellars, Mike Shepard, Peter Krey, Fernando Kobayashi, and Edward Kuns.In this and most other difficult ventures, success is dependent on the collectivecontributions of a support network. I wouldn't be here today without contributionsfrom the following: Portia Dean, for her partnership and support over the last year. Portia, you aremy partner, my righteous and stubborn center. Without you I would have lostmy mind somewhere in this maze of a year. I’ve loved the adventure and can’twait for what comes next.My parents, Kathy and Jeff Nickoloff, Sr., for supporting my technical curiosityfrom a young age and cultivating my strong will.Neil Fritz, for hacking out projects with me over the last 15 years and alwaysbeing open to getting Slices Pizza.Andy Will and the strong engineers of PHX2, for welcoming me to Amazon andalways raising our technical bar. Working with them was an education in itself.Nick Ciubotariu, for fighting the good fight and raising the bar for technicalleadership.xvLicensed to Stephanie Bernal nordicka.n@gmail.com

xviACKNOWLEDGMENTS Cartel Coffee Lab, I spent more time in your HQ than I did my own house thisyear. You have one of the best roasts in the world. People in San Francisco aremissing out.Finally, I want to acknowledge my like-minded friends around the world who’veshared in some part of this journey through learning, sharing, challenging, or justlistening. #noguiLicensed to Stephanie Bernal nordicka.n@gmail.com

about this bookDocker in Action’s purpose is to introduce developers, system administrators, andother computer users of a mixed skillset to the Docker project and Linux containerconcepts. Both Docker and Linux are open source projects with a wealth of onlinedocumentation, but getting started with either can be a daunting task.Docker is one of the fastest-growing open source projects ever, and the ecosystemthat has grown around it is evolving at a similar pace. For these reasons, this bookfocuses on the Docker toolset exclusively. This restriction of scope should both helpthe material age well and help readers understand how to apply Docker features totheir specific use-cases. Readers will be prepared to tackle bigger problems andexplore the ecosystem once they develop a solid grasp of the fundamentals covered inthis book.RoadmapThis book is split into three parts.Part 1 introduces Docker and container features. Reading it will help you understand how to install and uninstall software distributed with Docker. You’ll learn how torun, manage, and link different kinds of software in different container configurations. Part 1 covers the basic skillset that every Docker user will need.Part 2 is focused on packaging and distributing software with Docker. It covers theunderlying mechanics of Docker images, nuances in file sizes, and a survey of different packaging and distribution methods. This part wraps up with a deep dive into theDocker Distribution project.Part 3 explores multi-container projects and multi-host environments. Thisincludes coverage of the Docker Compose, Machine, and Swarm projects. These chapters walk you through building and deploying multiple real world examples thatshould closely resemble large-scale server software you’d find in the wild.xviiLicensed to Stephanie Bernal nordicka.n@gmail.com

xviiiABOUT THIS BOOKCode conventions and downloadsThis book is about a multi-purpose tool, and so there is very little “code” includedin the book. In its place are hundreds of shell commands and configuration files.These are typically provided in POSIX-compliant syntax. Notes for Windows usersare provided where Docker exposes some Windows-specific features. Care wastaken to break up commands into multiple lines in order to improve readabilityor clarify annotations. Referenced repositories are available on Docker Hub(https://hub.docker.com/u/dockerinaction/) with sources hosted on GitHub(https://github.com/dockerinaction). No prior knowledge of Docker Hub orGitHub is required to run the examples.This book uses several open source projects to both demonstrate various featuresof Docker and help the reader shift software-management paradigms. No single software “stack” or family is highlighted other than Docker itself. Working through theexamples, the reader will use tools such as WordPress, Elasticsearch, Postgres, shellscripts, Netcat, Flask, JavaScript, NGINX, and Java. The sole commonality is a dependency on the Linux kernel.About the authorJeff Nickoloff builds large-scale services, writes about technology, and helps peopleachieve their product goals. He has done these things at Amazon.com, Limelight Networks, and Arizona State University. After leaving Amazon in 2014, he founded a consulting company and focused on delivering tools, training, and best practices forFortune 100 companies and startups alike. If you’d like to chat or work together, youcan find him at http://allingeek.com, or on Twitter as @allingeek.Author OnlinePurchase of Docker in Action includes free access to a private web forum run by Manning Publications where you can make comments about the book, ask technical questions, and receive help from the author and from other users. To access the forumand subscribe to it, point your web browser to www.manning.com/books/docker-inaction. This page provides information on how to get on the forum once you’re registered, what kind of help is available, and the rules of conduct on the forum.Manning’s commitment to our readers is to provide a venue where a meaningfuldialog between individual readers and between readers and the author can take place.It is not a commitment to any specific amount of participation on the part of theauthor, whose contribution to the Author Online remains voluntary (and unpaid). Wesuggest you try asking the author some challenging questions lest his interest stray!The Author Online forum and the archives of previous discussions will be accessiblefrom the publisher’s website as long as the book is in print.Licensed to Stephanie Bernal nordicka.n@gmail.com

about the cover illustrationThe figure on the cover of Docker in Action is captioned “The Angler.” The illustrationis taken from a nineteenth-century collection of works by many artists, edited by LouisCurmer and published in Paris in 1841. The title of the collection is Les Français peintspar eux-mêmes, which translates as The French People Painted by Themselves. Each illustration is finely drawn and colored by hand and the rich variety of drawings in the collection reminds us vividly of how culturally apart the world’s regions, towns, villages, andneighborhoods were just 200 years ago. Isolated from each other, people spoke different dialects and languages. In the streets or in the countryside, it was easy to identifywhere they lived and what their trade or station in life was just by their dress.Dress codes have changed since then and the diversity by region, so rich at thetime, has faded away. It is now hard to tell apart the inhabitants of different continents, let alone different towns or regions. Perhaps we have traded cultural diversityfor a more varied personal life—certainly for a more varied and fast-paced technological life.At a time when it is hard to tell one computer book from another, Manning celebrates the inventiveness and initiative of the computer business with book coversbased on the rich diversity of regional life of two centuries ago, brought back to life bypictures from collections such as this one.xixLicensed to StephanieBernal nordicka.n@gmail.com www.allitebooks.com

xxABOUT THE COVER ILLUSTRATIONLicensed to Stephanie Bernal nordicka.n@gmail.com

Part 1Keeping a Tidy ComputerIsolation is a core concept to so many computing patterns, resource management strategies, and general accounting practices that it is difficult to even begincompiling a list. Someone who learns how Linux containers provide isolation forrunning programs and how to use Docker to control that isolation can accomplish amazing feats of reuse, resource efficiency, and system simplification.A thorough understanding of the material in this part is a solid foundationfor every reader to take on the rapidly growing Docker and container ecosystem.Like the Docker tool set itself, the pieces covered here provide building blocksto solving larger problems. For that reason, I suggest that you try to resist theurge to skip ahead. It may take some time to get to the specific question that ison your mind, but I’m confident that you’ll have more than a few revelationsalong the way.Licensed to Stephanie Bernal nordicka.n@gmail.com

2FCHAPTERLicensed to Stephanie Bernal nordicka.n@gmail.com

Welcome to DockerThis chapter covers What Docker is An introduction to containers How Docker addresses software problems thatmost people tolerate When, where, and why you should use Docker Example: “Hello, World”If you’re anything like me, you prefer to do only what is necessary to accomplish anunpleasant or mundane task. It’s likely that you’d prefer tools that are simple to useto great effect over those that are complex or time-consuming. If I’m right, then Ithink you’ll be interested in learning about Docker.Suppose you like to try out new Linux software but are worried about runningsomething malicious. Running that software with Docker is a great first step in protecting your computer because Docker helps even the most basic software userstake advantage of powerful security tools.If you’re a system administrator, making Doc

12.1 Introducing Docker Machine 249 Building and managing Docker Machines 250 Configuring Docker clients to work with remote daemons 252 12.2 Introducing Docker Swarm 255 Building a Swarm cluster with Docker Machine 255 Swarm extends the Docker Remote API 258 12.3 Swarm scheduling 261 The Spread algorithm 261 Fine-tune scheduling with